Google bakes computer use into Gemini 3.5 Flash, adds enterprise safeguards

Google on June 24, 2026 integrated computer use directly into Gemini 3.5 Flash, the company's fastest agentic model launched at I/O 2026. The feature is now available through the Gemini API and the renamed Gemini Enterprise Agent Platform, formerly Vertex AI.

The previous standalone Gemini computer use model achieved roughly 70% accuracy on the Online-Mind2Web benchmark, according to Google. Folding the capability into Flash consolidates what was a two-model workflow into a single call, allowing developers to activate computer use alongside code execution, search, and function calling.

Built-in tool, not a separate model

Product manager Mateo Quiros described the integration as giving Flash the ability to see, reason about, and take action on screens. The tool works across browsers, mobile devices, and desktops. Previously, developers had to feed a standalone agent a screenshot, receive a structured command, execute it, and send back the updated view. Now that loop runs inside Flash itself.

• Computer use is one of several tools bundled in Flash, eliminating the need for a dedicated model.
• The feature handles clicking, typing, scrolling, and screen observation.
• Google recommends it for continuous software testing and multi-step browser automation for knowledge workers.
• Pricing follows Flash's pay-as-you-go rates, which are generally cheaper than heavier models.

Safety layers for enterprise trust

Google applied targeted adversarial training specifically for prompt injection, the attack where malicious instructions embedded in a webpage trick an AI agent. The company offers two optional enterprise safeguards on top of the base model. The first requires explicit user confirmation before the agent executes sensitive or irreversible actions such as submitting a form, making a purchase, or deleting data. The second automatically halts the agent if it detects an indirect prompt injection attempt. Both safeguards are opt-in, meaning developers must activate them. Google advises a defense-in-depth approach and acknowledges that no single safeguard is sufficient.

The competitive landscape includes Anthropic's Claude Computer Use, which works across operating systems and file systems, and OpenAI's own agentic capabilities. Google's Chrome Enterprise already added agentic browsing features earlier this year. The new Flash integration extends that philosophy beyond Chrome to any screen an agent can see. Whether the cost advantage holds depends on how many actions a workflow requires and how often safety guardrails interrupt execution. Computer use remains early stage, struggling with unexpected pop-ups, CAPTCHAs, and dynamic layouts. Google has not published updated benchmark scores for the built-in tool versus the standalone model, nor disclosed customer case studies. The opt-in guardrails signal that the capability is not yet mature enough to run fully unsupervised.